On 20 Mar 2015, at 12:33, Jeff Burdges <burd...@gmail.com> wrote:

> I could imagine an “onion token” variant of ephemeral hidden services in 
> which the person who initiates the connection does not know what they’re 
> connecting to, like sending a message to a mailbox. Example :
> 
> Alice wants Bob to send her a message asynchronously by anonymously dropping 
> it into a numbered mailbox system, but Alice only wants to check one mailbox 
> for all her contacts, so she does not want Bob to be able to reveal her 
> mailbox. 
> 
> Rough outline : 
> - Alice gives Bob a “token” that contains a bunch of pre-encrypted Tor 
> extends, data, etc. frames and some additional data such as symmetric keys.  
> Alice goes offline. 

Actually Alice building this token would presumably involve the mailbox system 
too since it’s operating as a hidden service itself. 

> - Bob sends Alice’s mailbox a message by building a circuit to a specified 
> machine, encrypting each of the frames supplied by Alice for all of his 
> circuit except the endpoint because Alice already did that encryption, and 
> sending them.  
> - These frames continue building a circuit from that endpoint to wherever 
> Alice wants it to go. 
> - Bob encrypts his data frames using first the additional data supplied by 
> Alice so that they can traverse this longer circuit that he only understands, 
> and then encrypts those for the portion of the circuit he understands. 
> - Alice logs back in, contacts the mailbox hidden service, and retrieves her 
> messages, including Bob’s message. 
> 
> Optional : 
> - Amongst the frames Bob needs to use to set up the circuit might be one that 
> causes re-encryption so that even if an adversary hacked both Bob and the 
> mailbox system they cannot search the mailbox system for Bob’s message. 
> 
> Of course “onion tokens” would not live forever since Alice’s token fails to 
> describe a valid circuit if any server she selected goes down, but maybe it’d 
> provide a nice short-term asynchronous delivery option for IM systems like 
> Ricochet. 
>       https://github.com/ricochet-im/ricochet
> 
> Best,
> Jeff

_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
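
A toy model of the token flow outlined in the message above, added here as an example; it is not code from the post or from Tor. Assumptions: the hop names are constructed, a SHA-256 XOR stream stands in for relay crypto, symmetric values stand in for relay onion keys, the separate pre-encrypted extend frames are collapsed into one nested setup frame, and each token carries a single message.

```python
import hashlib, os

def xor_stream(key, data, tag):
    """Toy SHA-256 counter-mode stream; a stand-in, not Tor's relay crypto."""
    ks = b"".join(hashlib.sha256(key + tag + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def layer(keys, data, tag):
    """Onion-encrypt: the first key in `keys` ends up as the outermost layer."""
    for k in reversed(keys):
        data = xor_stream(k, data, tag)
    return data

def make_token(onion, path):
    """Alice: pre-encrypt the route endpoint -> ... -> mailbox, one layer per hop."""
    sess = [os.urandom(16) for _ in path]  # per-hop data keys Bob will be given
    frame = b""
    for hop, nxt, s in reversed(list(zip(path, path[1:] + ["DELIVER"], sess))):
        frame = xor_stream(onion[hop], nxt.encode().ljust(16) + s + frame, b"setup")
    return path[0], frame, sess  # token: entry point, opaque setup frame, data keys

def bob_send(token, bob_keys, msg):
    """Bob: Alice's data keys go on first, then layers for his own circuit."""
    endpoint, setup, data_keys = token
    return (endpoint, layer(bob_keys, setup, b"setup"),
            layer(bob_keys + data_keys, msg, b"data"))

def deliver(onion, bob_keys, endpoint, setup, data):
    """Network: Bob's hops strip their layers, then Alice's hops follow the frame."""
    for k in bob_keys:
        setup, data = xor_stream(k, setup, b"setup"), xor_stream(k, data, b"data")
    hop = endpoint
    while hop != "DELIVER":
        plain = xor_stream(onion[hop], setup, b"setup")
        nxt, sess, setup = plain[:16].strip().decode(), plain[16:32], plain[32:]
        data = xor_stream(sess, data, b"data")
        last, hop = hop, nxt
    return last, data  # final hop and what it receives

def demo():
    names = ["endpoint", "relay2", "mailbox"]  # constructed hop names
    onion = {n: os.urandom(16) for n in names}  # toy symmetric "onion keys"
    token = make_token(onion, names)
    bob_keys = [os.urandom(16), os.urandom(16)]  # Bob's own two-hop circuit
    return token, deliver(onion, bob_keys, *bob_send(token, bob_keys, b"hi Alice"))
```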
